[Bro] Bro behavioral analysis

M P mpselab at gmail.com
Wed Jul 29 06:24:58 PDT 2015


Here is another example from Bro's shellshock detector (emphasis is mine):

"...It's more comprehensive than most of the detections around in that it's
watching for *behavior* from the attacked host that might indicate
successful compromise or actual vulnerability."

Read more here: https://github.com/broala/bro-shellshock

Thanks.
MP



On Wed, Jul 29, 2015 at 3:08 PM, Savakh S <sovakah at gmail.com> wrote:

> Can someone explain why Bro is said to be a "behavioral" IDS and give an
> example? I understand Bro can perform protocol analysis, DPI, by its
> analyzers, but what about "behavioral"?
>
> Thanks in advance.
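The idea in the quoted description, as an added example that is not part of the original thread and not bro-shellshock's own code: a signature stage flags the request, and a behavioral stage then watches what the targeted host itself does next. The event records, the 60-second window, and the choice of "connection originated by the targeted host" as the behavior are assumptions made for illustration.

```python
# Added example: constructed records, not output from Bro or bro-shellshock.
SHELLSHOCK_MARKER = "() {"   # function-definition prefix seen in Shellshock header values
WINDOW = 60.0                # assumed correlation window, in seconds

# Constructed sample events (documentation-range addresses).
EVENTS = [
    {"ts": 10.0, "kind": "http", "orig": "198.51.100.7", "resp": "192.0.2.10",
     "headers": {"User-Agent": "() { :; }; <command elided>"}},
    {"ts": 12.5, "kind": "conn", "orig": "192.0.2.10", "resp": "198.51.100.7"},
    {"ts": 20.0, "kind": "http", "orig": "198.51.100.7", "resp": "192.0.2.11",
     "headers": {"User-Agent": "() { :; }; <command elided>"}},
    {"ts": 30.0, "kind": "http", "orig": "203.0.113.5", "resp": "192.0.2.12",
     "headers": {"User-Agent": "Mozilla/5.0"}},
    {"ts": 31.0, "kind": "conn", "orig": "192.0.2.12", "resp": "203.0.113.9"},
    {"ts": 200.0, "kind": "conn", "orig": "192.0.2.11", "resp": "198.51.100.7"},
]

def classify(events, window=WINDOW):
    """Return {host: 'attempt' | 'possible_compromise'} for targeted hosts."""
    last_attempt = {}   # targeted host -> time of most recent matching request
    verdict = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["kind"] == "http":
            # Signature stage: the request carries the marker in some header.
            if any(SHELLSHOCK_MARKER in v for v in ev["headers"].values()):
                last_attempt[ev["resp"]] = ev["ts"]
                verdict.setdefault(ev["resp"], "attempt")
        elif ev["kind"] == "conn":
            # Behavioral stage: the targeted host opens a connection of its
            # own shortly after the attempt.
            seen = last_attempt.get(ev["orig"])
            if seen is not None and ev["ts"] - seen <= window:
                verdict[ev["orig"]] = "possible_compromise"
    return verdict

if __name__ == "__main__":
    for host, state in classify(EVENTS).items():
        print(host, state)
```

A host that only receives the request stays at "attempt"; the verdict is raised only when the host's own later activity falls inside the window.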